You can leave the proxy running on port 3128. Simply add an intercept on port 80. Will have to think about the other one.
Do you need actual authentication or will people be connecting from a trusted range of IPs ?
ntlm authentication
Moderator: Qbik Staff
40 posts
• Page 2 of 2 • 1, 2
by inthesands » Sep 08 04 4:36 pm
I need actual authentication, as some people will be with changing Ip's.
So it would create a 2 fold security. Get through the firewall first, before authentication with the internal NT server.
I'm not sure if this is possible.
However, what about if from known fixed external IP?
So it would create a 2 fold security. Get through the firewall first, before authentication with the internal NT server.
I'm not sure if this is possible.
However, what about if from known fixed external IP?
- inthesands
- Posts: 36
- Joined: Sep 07 04 7:42 pm
by inthesands » Sep 08 04 5:35 pm
Regarding having now setup basic authentication, with user can be assumed,
how do I get wingate to NEED to authenticate some users, while others (like myself) WOULD NOT need to be authenticated.
how do I get wingate to NEED to authenticate some users, while others (like myself) WOULD NOT need to be authenticated.
- inthesands
- Posts: 36
- Joined: Sep 07 04 7:42 pm
by inthesands » Sep 10 04 2:10 pm
Now, I have got the authentication working well, for my internal users.
BUT,
I have setup the www proxy to redirect non proxy request to my internal www server. Now, when external clients connect from the internet, they also have to authenticate. How do I get around this?
OR
should I setup port 80 to ONLY service external requests to my www server, and setup another port eg 8080 to service my internal IE clients?
Surely, if I just open up the port, I am again vulerable.
BUT,
I have setup the www proxy to redirect non proxy request to my internal www server. Now, when external clients connect from the internet, they also have to authenticate. How do I get around this?
OR
should I setup port 80 to ONLY service external requests to my www server, and setup another port eg 8080 to service my internal IE clients?
Surely, if I just open up the port, I am again vulerable.
- inthesands
- Posts: 36
- Joined: Sep 07 04 7:42 pm
by inthesands » Sep 10 04 2:36 pm
That doesn't work. If I don't have a port 80 bound to an external NIC, how can I service www requests to the DMZ?
- inthesands
- Posts: 36
- Joined: Sep 07 04 7:42 pm
by Pascal » Sep 10 04 2:40 pm
You will have to open a hole externally, to let the traffic in - then use routing as Adrien describes in the post he just made under the DMZ topic. (The static routes, from yesterday?)
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by inthesands » Sep 10 04 7:40 pm
I cannot get www proxy with pipe non proxy requests to work, and have authentication on.
I can only have it setup on port 80, redirect non proxy to my internal www server, with no authentication. Then outside users can get my web page.
I had to set up a new www proxy service, I chose port 3128, for internal users, then I can get the internal users authenticated.
I can only have it setup on port 80, redirect non proxy to my internal www server, with no authentication. Then outside users can get my web page.
I had to set up a new www proxy service, I chose port 3128, for internal users, then I can get the internal users authenticated.
- inthesands
- Posts: 36
- Joined: Sep 07 04 7:42 pm
40 posts
• Page 2 of 2 • 1, 2
Who is online
Users browsing this forum: Bing [Bot] and 0 guests